Preface on Sub-Controls 13.1 and 13.2
As with previous controls, Control 13.1 requires an initial inventory be collected. Using the data from previous controls, the security team can formulate a plan to create the inventory of data assets. Tenable Security Center is often associated with multiple scans per week (for example, discovery, mitigation, and vulnerability scans). Scanning systems using the Content audit files can be very disk intensive, because Nessus reads the first part of many files. You can plan these scans more strategically, and store this data in a separate repository. The data should not be mixed with other vulnerability or compliance data. After the data is collected, the security team can begin to identify the best approach to managing the classification and data leakage prevention task. Listed below are descriptions of the current dashboard templates, all of which present the data differently and can help in understanding where the data is located.
Sensitive Data: Sensitive data includes, but is not limited to, personal and financial data, credit cards, Social Security numbers, and any other data that can facilitate identity theft or identify an individual. Other forms of sensitive data may include copyrighted data. Sensitive data can also be customer data, contact information, memberships, or political opinions. With the increasing amount of data being generated by businesses and individuals across the Internet, locating and protecting sensitive data has become crucial. Intruders and malicious organizations attempt to gain access to sensitive data through weaknesses and vulnerabilities in computer systems and networks. Identifying these weaknesses and keeping systems updated is a solid first step to protecting sensitive data. This dashboard summarizes for the analyst a variety of checks from sensitive data audits, and checks for the presence of items that may contain sensitive data. Compliance failures could potentially lead to the loss of sensitive data.
For more information about the sensitive data dashboard, see Systems with Sensitive Data.
Windows or Unix File Contents Audit Results: Governance, Risk Management, and Compliance (GRC) is a substantial part of any information assurance program. GRC requires information systems to be audited, regardless of the standard to which the audit is performed. Tenable Security Center Continuous View using Nessus can perform Unix Content .audit checks. The Content .audit checks differ from Unix Configuration .audit checks in that they are designed to search a Unix file system for specific file types containing sensitive data rather than enumerate system configuration settings. The Content .audit checks include a range of options to help the auditor narrow down the search parameters and more efficiently locate and display non-compliant data. An example of non-compliant content is PII (Personally Identifiable Information) or PHI (Protected Health Information). This dashboard provides the audit results for Windows or Unix File Contents.
- https://www.tenable.com/sc-dashboards/windows-audit-check-dashboards
- https://www.tenable.com/sc-dashboards/linux-audit-check-dashboards
Removable Media and Content Audits: Data loss can occur through several methods. This dashboard focuses on tracking usage of USB devices, CD-ROMs, DVD-ROMs, and other removable media auditable events. Security analysts should also be concerned about the classification of data stored on local computers. In conjunction with scans using Nessus content audit files, systems containing classified data are easily identified. This dashboard focuses on auditing the use of removable media and storage of sensitive documents on local storage devices. The first step in monitoring sensitive data is to have an operational data classification policy and detailed set of storage guidelines. The next step is to create an auditing program for all storage mediums. Tenable provides a series of audit files called Sensitive Content Audit Policies for Nessus and SecurityCenter Continuous View (CV). These audit policies look for credit cards, Social Security numbers, and many other types of sensitive data. Many of the other audit files contain audit controls for CD-ROMs, USB devices, and other storage types.
To audit for the storage of classified data, the organization should download the appropriate content audit files and modify the files accordingly. There are two modifications that may be required: the file_extension and max_size values. The file_extension value (for example, file_extension: 'pdf' | 'doc') contains the extensions of the files that will be searched. The max_size value is the amount of data in the file that will be searched. For example, if max_size is set to 20k, then the first 20k of the file will be searched. Other fields that might need adjusting are the regex and expect fields. However, these changes require extensive testing.
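
The effect of file_extension and max_size on what a content audit can find, as an added Python example (not Tenable's code and not part of the original page). It assumes a simplified model in which a file is reported when both the regex and expect patterns match within the first max_size bytes; the function names, sample files, and SSN-shaped pattern are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SSN_REGEX = r"\b\d{3}-\d{2}-\d{4}\b"  # illustrative pattern, not taken from a Tenable audit file

def parse_size(text):
    """Convert a size such as '20k' to bytes (assumption: k = 1024)."""
    text = text.strip().lower()
    units = {"k": 1024, "m": 1024 ** 2}
    if text[-1] in units:
        return int(text[:-1]) * units[text[-1]]
    return int(text)

def content_audit(root, file_extension, max_size, regex, expect):
    """Return {file name: first regex match} for files flagged under the assumed model."""
    limit = parse_size(max_size)
    rx = re.compile(regex.encode())
    ex = re.compile(expect.encode(), re.IGNORECASE)
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        ext = path.suffix.lstrip(".").lower()
        if not path.is_file() or ext not in file_extension:
            continue
        with path.open("rb") as fh:
            head = fh.read(limit)  # only the first max_size bytes are examined
        hit = rx.search(head)
        if hit and ex.search(head):
            findings[path.name] = hit.group().decode()
    return findings

def build_samples(root):
    """Constructed sample files; the SSN-shaped value is fake."""
    root = Path(root)
    record = b"Employee SSN: 000-12-3456\n"
    (root / "early.doc").write_bytes(record + b"x" * 30000)
    (root / "late.doc").write_bytes(b"x" * 30000 + record)      # data sits past 20k
    (root / "nokeyword.doc").write_bytes(b"ref 000-12-3456\n")  # regex hits, expect does not
    (root / "skipped.txt").write_bytes(record)                  # extension not listed
    return root

def demo(max_size):
    with tempfile.TemporaryDirectory() as tmp:
        return content_audit(build_samples(tmp), ["pdf", "doc"], max_size,
                             SSN_REGEX, r"SSN|Social Security")

if __name__ == "__main__":
    print("max_size 20k:", demo("20k"))
    print("max_size 64k:", demo("64k"))
```

Running it shows that late.doc is only reported once max_size covers the offset where the data sits, which is the trade-off between scan cost and coverage to test for when changing these values.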